Security & Testing Agent Skills

Node.js Jest Testing

Implements comprehensive testing suites for Node.js applications using Jest, covering unit tests, mocking, and API integration.

Validate Test Reality

Validates test coverage against real-world production scenarios and identifies critical gaps between specifications and reality.

Input Validation Security

Protects applications by implementing exhaustive validation at trust boundaries and mitigating common injection vulnerabilities.

Input Validation & XSS Prevention

Validates and sanitizes user input using Zod schemas to protect web applications against XSS, injection attacks, and data corruption.

Implement Feature

Implements software features from task specifications using Test-Driven Development (TDD) and automated validation.

Security Headers

Configures robust HTTP security headers to protect web applications against clickjacking, cross-site scripting (XSS), and data exfiltration.

Defense-in-Depth Validation

Implements multi-layered data validation strategies to eliminate deep-system failures and make bugs structurally impossible.

Dependency & Supply Chain Security

Audits and secures software dependencies to prevent supply chain attacks and mitigate known vulnerabilities in application packages.

Resource Exhaustion Security

Identifies and mitigates resource exhaustion and denial-of-service vulnerabilities in AI-generated code by implementing strict operational limits and resource-aware patterns.

Complete Test Coverage

Achieves 100% test coverage through progressive test writing, redundancy elimination, and automated fixture restructuring.

Payment Security

Implement secure subscription billing and payment gating using Clerk Billing and Stripe while ensuring PCI-DSS compliance through outsourced card data handling.

Information Leakage Prevention

Prevents the exposure of sensitive credentials and private data by identifying hardcoded secrets and insecure logging patterns in generated code.

Security Operations

Provides comprehensive operational security guidance for web application deployment, monitoring, and secret management.

Supply Chain Risk Management

Identifies and mitigates supply chain vulnerabilities in AI-generated code, including outdated packages, typosquatting, and dependency confusion attacks.

Injection Vulnerability Awareness

Identifies and remediates common injection vulnerabilities in AI-generated code, including SQL injection, command injection, and cross-site scripting (XSS).

Security Awareness Overview

Provides a comprehensive framework for understanding and mitigating the security risks associated with AI-generated code and the "vibe coding" development paradigm.

Eval Harness

Implements an Eval-Driven Development (EDD) framework to ensure reliability and regression testing for AI-generated code.

CSRF Protection

Secures web applications by implementing Cross-Site Request Forgery (CSRF) protection using cryptographic token validation and secure cookie policies.

Claude Permissions

Manages and configures security permissions, sandboxing environments, and tool access protocols for Claude Code.

Mobile Responsive Testing

Automates comprehensive UI responsiveness checks across multiple device breakpoints and touch interaction standards.

IDA Pro Headless Analysis

Performs automated binary analysis and reverse engineering using IDA Pro's modern Pythonic Domain API.

C Memory Safety & Security

Safeguards native C code by enforcing memory safety patterns, bounds checking, and preventing common vulnerabilities like buffer overflows.

Code Verification Loop

Establishes a comprehensive multi-stage validation system to ensure code quality, security, and stability before production deployment or PR submission.

AST-Grep Code Search

Executes precise, structural code searches and analysis using Abstract Syntax Tree (AST) patterns to identify complex language constructs.

IDA Plugin Packager

Simplifies the packaging and distribution of IDA Pro plugins for the Hex-Rays Plugin Manager ecosystem.

SDD Code Reviewer

Validates code implementations against technical specifications to ensure strict functional compliance and identify scope creep.

Standalone Skill Test Fixture

Validates the implementation of minimal, single-file Claude Code skills without subdirectory dependencies.

SOX Compliance Guidelines

Implements rigorous financial reporting controls and audit trails to meet Sarbanes-Oxley (SOX) regulatory requirements.

Skill Validator

Ensures skill and Model Context Protocol (MCP) implementations align with their manifests by performing Codex-powered semantic comparisons of code against descriptions, preconditions, and effects.

TDD Workflow for Claude Code

Enforces rigorous Test-Driven Development (TDD) practices with mandatory 80% coverage across unit, integration, and E2E tests.